CVE-2023-52080

Name of the Vulnerable Software and Affected Versions IEIT NF5280M6 UEFI firmware versions through 8.4

Description The issue is caused by improper use of the gRT->GetVariable() function, leading to a pool overflow vulnerability. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. If critical data in memory is tampered with, a crash may occur.

Recommendations For IEIT NF5280M6 UEFI firmware versions through 8.4, consider restricting access to local NVRAM variables to minimize the risk of exploitation. As a temporary workaround, avoid modifying variables on SPI Flash until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.